Safari 5.0.1, 4.1.1 security fixes include AutoFill patch
updated 11:45 am EDT, Wed July 28, 2010
Closes major security hole
The Safari 5.0.1 update -- and the corresponding v4.1.1 update for Tiger -- finally fix a serious AutoFill vulnerability, an Apple security note reveals. Using a carefully-crafted site and JavaScript, vulnerable versions of Safari can be tricked into entering and sending personal information without consent. Knowledge of the threat has allegedly been in the public domain for about a year, but until now not dealt with by Apple.
The upgrades also solve a problem with RSS feeds, which could be used to trigger uploads to a remote server. All other security improvements are directed at the WebKit engine, which could potentially be exploited through holes in handling of JavaScript, expressions, SVG files, CSS counters and other elements.
The Safari 4.1.1 update applies only to Mac OS X 10.4.11, and is a 29.53MB download.
Forum Regular
Joined: Aug 2001
I wonder
Gee, do you think this autofill issue was fixed because the guy made it public, or it took them this long to actually address the issue (which has actually been around for a while in various forms)?